Cisco NX-OS Software NX-API Arbitrary Command Execution (CVE-2018-0313)
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input validation of user-supplie...
Cisco FXOS Software and UCS Fabric Interconnect Web UI Denial of Service (CVE-2018-0298)
A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerabili...
Security Bulletin: Python-requests is vulnerable to CVE-2023-32681 used in IBM Maximo Application Suite - Monitor Component
Summary: IBM Maximo Application Suite - Monitor Component uses python-requests, which is vulnerable to CVE-2023-32681. Vulnerability Details: CVEID: CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization...
acs.qc.ca Cross Site Scripting vulnerability OBB-3547055
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
U.S. Dept Of Defense: Blind Sql Injection in https://█████/qsSearch.aspx
A blind SQL injection vulnerability was discovered in the qsSearch.aspx page of the application. An attacker could exploit this vulnerability to bypass authentication and retrieve sensitive information from the database. The vulnerability has been mitigated by implementing appropriate security...
Fedora: Security Advisory for curl (FEDORA-2023-6139d4e088)
The remote host is missing an update for curl, as referenced in the FEDORA-2023-6139d4e088 advisory...
Denial Of Service (DoS)
github.com/elazarl/goproxy is vulnerable to Denial of Service (DoS). The vulnerability exists in the handleHttps function of https.go when the proxy is in MITM mode, due to not properly validating host URLs, which allows an attacker to cause an application crash when an HTTP request goes to HTTPS...
Denial Of Service (DoS)
keylime is vulnerable to Denial of Service (DoS). The vulnerability exists because the Registrar becomes blocked after a single connection is opened to its HTTPS interface, which allows an attacker to cause an application crash...
Oracle HTTP Server (Jul 2023 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as referenced in the Jul 2023 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Thirdparty LibExpat). The supported version that is affected ...
Amazon Linux 2 : python3-requests (ALAS-2023-2111)
The version of python3-requests installed on the remote host is prior to 2.14.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2111 advisory. A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization heade...
USN-6237-1: curl vulnerabilities
Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. (CVE-2023-28321) Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain...
SUSE SLES12 Security Update : python-requests (SUSE-SU-2023:2865-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2865-1 advisory. - Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when...
WordPress WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content Plugin <= 6.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content; Type: Plugin; Vulnerable versions: <= 6.2.0; Fixed in: 6.3.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; Developer...
Medium: python-requests
Issue Overview: A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the...
Medium: python3-requests
Issue Overview: A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the...
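The python-requests entries above (the IBM bulletin, ALAS-2023-2111, SUSE-SU-2023:2865-1 and the Medium entries) all describe the same mechanism for CVE-2023-32681: on each redirect the proxy headers are rebuilt, and a credential embedded in the configured proxy URL is turned into a Proxy-Authorization request header. For an HTTPS destination those request headers travel inside the TLS tunnel to the origin server, so the origin rather than the proxy receives the credential. The following is an added, offline model of that rebuild step beside a hardened variant that only attaches the header for plain-http targets; it is example code, not the python-requests implementation, and the hostnames, credentials and redirect chain are constructed for the example.

```python
"""Added example: models the redirect-time proxy header rebuild behind
CVE-2023-32681. Not python-requests code; all hosts/credentials constructed."""
import base64
from urllib.parse import urlparse, unquote


def basic_auth_str(username: str, password: str) -> str:
    """HTTP Basic credential string for the given user/password."""
    token = base64.b64encode(f"{username}:{password}".encode("latin1")).decode("ascii")
    return f"Basic {token}"


def auth_from_proxy_url(proxy_url: str):
    """Return (username, password) embedded in a proxy URL, or (None, None)."""
    parsed = urlparse(proxy_url)
    if parsed.username is None:
        return None, None
    return unquote(parsed.username), unquote(parsed.password or "")


def rebuild_proxy_headers(url: str, proxies: dict, headers: dict, hardened: bool) -> dict:
    """Recompute Proxy-Authorization for `url` after a redirect.

    hardened=False mirrors the leaking behaviour: the header is reattached
    whenever the proxy configured for the target scheme carries credentials,
    regardless of whether the request will be tunnelled over TLS.
    hardened=True attaches it only for non-https targets; for https the
    credential belongs on the CONNECT to the proxy, not on the tunnelled request.
    """
    headers = dict(headers)
    headers.pop("Proxy-Authorization", None)  # drop any stale header from the previous hop
    scheme = urlparse(url).scheme
    proxy = proxies.get(scheme)
    if proxy is None:
        return headers
    username, password = auth_from_proxy_url(proxy)
    if not (username and password):
        return headers
    if hardened and scheme == "https":
        return headers
    headers["Proxy-Authorization"] = basic_auth_str(username, password)
    return headers


def follow_redirect_chain(chain, proxies, hardened):
    """Offline stand-in for a session's redirect loop: return, per hop,
    the request headers the origin server at that hop would receive."""
    hops = []
    headers = {"User-Agent": "example/1.0"}
    for url in chain:
        headers = rebuild_proxy_headers(url, proxies, headers, hardened)
        hops.append((url, headers))
    return hops


def origin_sees_proxy_credential(hops) -> list:
    """Audit helper: https hops whose tunnelled request carries Proxy-Authorization."""
    return [url for url, h in hops
            if urlparse(url).scheme == "https" and "Proxy-Authorization" in h]


# Constructed configuration: one authenticated proxy used for both schemes.
PROXIES = {
    "http": "http://alice:s3cret@proxy.example.test:3128",
    "https": "http://alice:s3cret@proxy.example.test:3128",
}
# Constructed chain: plain-http start, redirected to an HTTPS origin.
CHAIN = ["http://start.example.test/login", "https://origin.example.test/app"]

if __name__ == "__main__":
    for hardened in (False, True):
        hops = follow_redirect_chain(CHAIN, PROXIES, hardened)
        leaks = origin_sees_proxy_credential(hops)
        print("hardened" if hardened else "vulnerable", "->", leaks or "no leak")
```

The check worth keeping from this is `origin_sees_proxy_credential`: when auditing any HTTP client that follows redirects through an authenticated proxy, capture the headers as they would appear inside the TLS tunnel and confirm Proxy-Authorization is absent for every https hop.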
Path traversal
An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverag...
CVE-2023-2913 Rockwell Automation ThinManager ThinServer Path Traversal Vulnerability
An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverag...
CVE-2023-2913
CVE-2023-2913 describes a relative path traversal vulnerability in Rockwell Automation ThinManager ThinServer. When the HTTPS Server Settings API feature is enabled, remote attackers could leverage server filesystem privileges to read arbitrary files. Affected products/versions cited in sources i...
WordPress Free SSL Certificate Plugin, HTTPS Redirect, Renewal Reminder – Auto-Install Free SSL Plugin < 3.6.0 is vulnerable to Cross Site Scripting (XSS)
Software: Free SSL Certificate Plugin, HTTPS Redirect, Renewal Reminder – Auto-Install Free SSL; Type: Plugin; Vulnerable versions: < 3.6.0; Fixed in: 3.6.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Clai...